Senior Risk & Compliance Analyst

SWBC

Office

SWBC Headquarters, United States

Full Time

SWBC is seeking a talented individual to lead and support end-to-end compliance initiatives for enterprise information technology systems, software, applications, facilities, information, and data.  This role is critical in ensuring SWBC maintains a strong security posture and meets regulatory, contractual, and customer expectations. The ideal candidate will have deep expertise in AICPA Service Organization Control (SOC) audits, risk assessments, vendor due diligence, client/customer due diligence, and policy governance, with a strong understanding of security frameworks and compliance standards.  This position is empowered to grow in a fast-paced, growing environment while working well within a results-oriented, security-focused team for our distributed financial services company.

Why you'll love this role:

In this role, you’ll be a key contributor to SWBC’s dynamic and fast-paced Governance, Risk, and Compliance (GRC) team. You’ll take full ownership of compliance initiatives from start to finish, using industry-leading tools to drive meaningful impact across the organization. You’ll feel accomplished knowing your work supports every corner of SWBC, from clients and business units to technology teams, ensuring compliance standards are met and exceeded. As part of the Information Security team, you’ll lead project-based risk and compliance efforts in a growing financial services company with a strong security and compliance culture. If you thrive in a collaborative environment and are passionate about compliance excellence, this is the role for you.

Essential duties include the following:

  • Lead the planning, coordination, and execution of SOC reporting, client, and internal audits.
  • Gather documentation and evidence to support audit and compliance activities.
  • Maintain audit readiness and ensure timely remediation of control gaps.
  • Conduct internal risk assessments and control testing across business units.
  • Support customer security assessments, RFP responses, client security inquiries, and due diligence processes.
  • Monitor compliance processes to align with legal, statutory, regulatory, or contractual obligations.
  • Develop, review, and maintain security and compliance policies and procedures.
  • Ensure alignment with industry standards such as ISO/IEC 27001, NIST, PCI DSS, CIS, and industry best practices.
  • Lead security and technology governance awareness and acknowledgement throughout SWBC.
  • Identify, assess, and track remediation of technology, security, and privacy risks.
  • Maintain risk registers and support mitigation strategies.
  • Conduct risk assessments throughout the information systems and product lifecycle.
  • Partner with Legal, IT, Security, and Business stakeholders to ensure compliance objectives are met.
  • Provide compliance guidance for new initiatives, systems, and processes.
  • Collaborate with internal information security, physical security and organizational resiliency teams to deliver positive outcomes.
  • Self-motivated and detail-oriented with strong technical and security acumen.
  • Ability to manage multiple projects and deadlines in a dynamic environment.
  • Experience working in Agile environments, with a strong understanding of Agile principles, ceremonies, and iterative delivery models.
  • Strong interpersonal skills and ability to work collaboratively across teams.
  • Experience in a regulated industry, preferably financial services.

Serious candidates will possess the minimum qualifications:

  • Bachelor’s degree in Information Security, Business, Risk Management, or related field.
  • Minimum 5+ years of experience in IT compliance, audit, and risk management.
  • Strong knowledge of SOC 1, SOC 2, and frameworks such as ISO 27001, NIST CSF, PCI DSS, and industry best practices.
  • Experience leading audit engagements from initiation to report delivery and remediation.
  • Experience with GRC tools and audit management platforms.
  • Excellent communication, analytical, and project management skills.
  • Must have or be able to obtain CISA and CRISC certifications within 12 months.
  • Relevant certifications such as CISSP, AWS Security, or CompTIA Security+ are highly preferred.
  • Demonstrated ability to analyze, organize, and prioritize work.
  • Proven ability to work independently and collaboratively on multiple projects with multiple stakeholders concurrently.
  • Experience adapting to change in the working environment.
  • Demonstrated ability to communicate and interact effectively.
  • The role requires a self-motivated, detail-oriented analyst with strong technical and security acumen and exceptional communications and interpersonal skills.
  • Flexibility in working on multiple technical projects with internal and external business, support, and information technology stakeholders is essential.

SWBC offers*:  

  • Competitive overall compensation package
  • Work/Life balance 
  • Employee engagement activities and recognition awards 
  • Years of Service awards
  • Career enhancement and growth opportunities 
  • Leadership Academy and Mentor Program
  • Continuing education and career certifications 
  • Variety of healthcare coverage options
  • Traditional and Roth 401(k) retirement plans 
  • Lucrative Wellness Program

*Based upon employee eligibility 

     

Additional Information:

SWBC is a Substance-Free Workplace and requires pre-employment drug testing.

Please note, SWBC does not hire tobacco users as allowed by law.

To learn more about SWBC, visit our website at www.SWBC.com. If interested, please click the appropriate apply button.

August 15, 2025
